From ed0699886f49e5dd8d6ca9ffb60ba17cd76a810f Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>

Date: Mon, 7 Jun 2021 17:49:57 +0200

Subject: [PATCH 1/5] status/network: Disable modem connection when windows

 aren't allowed

The item launches the corresponding Settings panel when activated, which

doesn't work when windows are disabled by the session mode. Rather than

failing silently, turn the item insensitive.

---

 js/ui/status/network.js | 12 ++++++++++++

 1 file changed, 12 insertions(+)

diff --git a/js/ui/status/network.js b/js/ui/status/network.js

index b3bb7589c..3ad7b04dd 100644

--- a/js/ui/status/network.js

+++ b/js/ui/status/network.js

@@ -514,6 +514,10 @@ var NMDeviceModem = class extends NMConnectionDevice {

                 this._iconChanged();

             });

         }

+

+        this._sessionUpdatedId =

+            Main.sessionMode.connect('updated', this._sessionUpdated.bind(this));

+        this._sessionUpdated();

     }

     get category() {

@@ -525,6 +529,10 @@ var NMDeviceModem = class extends NMConnectionDevice {

                     'connect-3g', this._device.get_path()]);

     }

+    _sessionUpdated() {

+        this._autoConnectItem.sensitive = Main.sessionMode.hasWindows;

+    }

+

     destroy() {

         if (this._operatorNameId) {

             this._mobileDevice.disconnect(this._operatorNameId);

@@ -534,6 +542,10 @@ var NMDeviceModem = class extends NMConnectionDevice {

             this._mobileDevice.disconnect(this._signalQualityId);

             this._signalQualityId = 0;

         }

+        if (this._sessionUpdatedId) {

+            Main.sessionMode.disconnect(this._sessionUpdatedId);

+            this._sessionUpdatedId = 0;

+        }

         super.destroy();

     }

-- 

2.31.1

From 59d52e1591e1522fff22320c657496ca978a7926 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>

Date: Mon, 7 Jun 2021 18:28:32 +0200

Subject: [PATCH 2/5] status/network: Only list wifi networks that can be

 activated

Setting up a connection for an Enterprise WPA(2) encrypted wireless

network requires Settings. That's not available when windows are

disabled via the session mode, so filter out affected entries.

---

 js/ui/status/network.js | 29 ++++++++++++++++++++++++++++-

 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/js/ui/status/network.js b/js/ui/status/network.js

index 3ad7b04dd..c023022a7 100644

--- a/js/ui/status/network.js

+++ b/js/ui/status/network.js

@@ -1,5 +1,5 @@

 // -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-

-const { Clutter, Gio, GLib, GObject, NM, St } = imports.gi;

+const { Clutter, Gio, GLib, GObject, Meta, NM, St } = imports.gi;

 const Mainloop = imports.mainloop;

 const Signals = imports.signals;

@@ -751,6 +751,11 @@ var NMWirelessDialog = class extends ModalDialog.ModalDialog {

             this._scanTimeoutId = 0;

         }

+        if (this._syncVisibilityId) {

+            Meta.later_remove(this._syncVisibilityId);

+            this._syncVisibilityId = 0;

+        }

+

         super.destroy();

     }

@@ -1081,9 +1086,31 @@ var NMWirelessDialog = class extends ModalDialog.ModalDialog {

             this._itemBox.insert_child_at_index(network.item.actor, newPos);

         }

+        this._queueSyncItemVisibility();

         this._syncView();

     }

+    _queueSyncItemVisibility() {

+        if (this._syncVisibilityId)

+            return;

+

+        this._syncVisibilityId = Meta.later_add(

+            Meta.LaterType.BEFORE_REDRAW,

+            () => {

+                const { hasWindows } = Main.sessionMode;

+                const { WPA2_ENT, WPA_ENT } = NMAccessPointSecurity;

+

+                for (const network of this._networks) {

+                    const [firstAp] = network.accessPoints;

+                    network.item.visible =

+                        hasWindows ||

+                        network.connections.length > 0 ||

+                        (firstAp._secType !== WPA2_ENT && firstAp._secType !== WPA_ENT);

+                }

+                return GLib.SOURCE_REMOVE;

+            });

+    }

+

     _accessPointRemoved(device, accessPoint) {

         let res = this._findExistingNetwork(accessPoint);

-- 

2.31.1

From 9d204cdb38bcfee214dbe0b0bf9c2073dc50fe93 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>

Date: Tue, 8 Jun 2021 00:17:48 +0200

Subject: [PATCH 3/5] status/network: Consider network-control action

NetworkManager installs a `network-control` polkit action that can

be used to disallow network configuration, except that we happily

ignore it. Add it to the conditions that turn a network section

insensitive.

---

 js/ui/status/network.js | 20 +++++++++++++++++---

 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/js/ui/status/network.js b/js/ui/status/network.js

index c023022a7..79729e01b 100644

--- a/js/ui/status/network.js

+++ b/js/ui/status/network.js

@@ -1,5 +1,5 @@

 // -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-

-const { Clutter, Gio, GLib, GObject, Meta, NM, St } = imports.gi;

+const { Clutter, Gio, GLib, GObject, Meta, NM, Polkit, St } = imports.gi;

 const Mainloop = imports.mainloop;

 const Signals = imports.signals;

@@ -1683,11 +1683,25 @@ var NMApplet = class extends PanelMenu.SystemIndicator {

         this._client.connect('connection-removed', this._connectionRemoved.bind(this));

         Main.sessionMode.connect('updated', this._sessionUpdated.bind(this));

-        this._sessionUpdated();

+

+        this._configPermission = null;

+        Polkit.Permission.new(

+            'org.freedesktop.NetworkManager.network-control', null, null,

+            (o, res) => {

+                try {

+                    this._configPermission = Polkit.Permission.new_finish(res);

+                } catch (e) {

+                    log('No permission to control network connections: %s'.format(e.toString()));

+                }

+                this._sessionUpdated();

+            });

     }

     _sessionUpdated() {

-        let sensitive = !Main.sessionMode.isLocked && !Main.sessionMode.isGreeter;

+        const sensitive =

+            !Main.sessionMode.isLocked &&

+            !Main.sessionMode.isGreeter &&

+            this._configPermission && this._configPermission.allowed;

         this.menu.setSensitive(sensitive);

     }

-- 

2.31.1

From 7d2c8aabb86b9942c99ae9b7157dbffb875acde9 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>

Date: Thu, 10 Jun 2021 23:12:27 +0200

Subject: [PATCH 4/5] sessionMode: Enable networkAgent on login screen

We will soon enable the network sections in the status menu on the

login screen, so enable the network agent to handle authentication

requests (like wifi/VPN passwords).

---

 js/ui/sessionMode.js | 4 +++-

 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/js/ui/sessionMode.js b/js/ui/sessionMode.js

index 25aa75a3d..fa7f83416 100644

--- a/js/ui/sessionMode.js

+++ b/js/ui/sessionMode.js

@@ -43,7 +43,9 @@ const _modes = {

         isGreeter: true,

         isPrimary: true,

         unlockDialog: imports.gdm.loginDialog.LoginDialog,

-        components: ['polkitAgent'],

+        components: Config.HAVE_NETWORKMANAGER

+            ? ['networkAgent', 'polkitAgent']

+            : ['polkitAgent'],

         panel: {

             left: [],

             center: ['dateMenu'],

-- 

2.31.1

From 07ce899bcb9d30991262d6c484508e6c5fa14c85 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>

Date: Tue, 8 Jun 2021 00:19:26 +0200

Subject: [PATCH 5/5] status/network: Do not disable on login screen

We currently disable all network items on both the lock- and login

screen. While it makes sense to be very restrictive on the lock screen,

there are some (fringe) use cases for being more permissive on the

login screen (like remote home directories only accessible via VPN).

There's precedence with the power-off/restart actions to be less

restrictive on the login screen, and since we started respecting

the `network-control` polkit action, it's possible to restore the

old behavior if desired.

---

 js/ui/status/network.js | 1 -

 1 file changed, 1 deletion(-)

diff --git a/js/ui/status/network.js b/js/ui/status/network.js

index 79729e01b..914dbbd99 100644

--- a/js/ui/status/network.js

+++ b/js/ui/status/network.js

@@ -1700,7 +1700,6 @@ var NMApplet = class extends PanelMenu.SystemIndicator {

     _sessionUpdated() {

         const sensitive =

             !Main.sessionMode.isLocked &&

-            !Main.sessionMode.isGreeter &&

             this._configPermission && this._configPermission.allowed;

         this.menu.setSensitive(sensitive);

     }

-- 

2.31.1